PF_PACKET-family socket requires root privilege, how is that configured on linux?

I know that PF_PACKET-family sockets require root privilege, but I don't know how that is configured on Linux.

Does anyone know how? Is it hard-coded in the kernel directly?


It used to be the case that it was just hard-coded in the kernel.

But starting with version 2.2, Linux has introduced capabilities (see http://linux.die.net/man/7/capabilities) and the kernel now checks for the CAP_NET_RAW capability - see net/packet/af_packet.c.

The root user is still assumed to have all capabilities. Although keep in mind that with virtualization and multiple containers, there can be multiple distinct root users - so even the check for root is a bit more complicated nowadays than just checking uid==0 - see security/commoncap.c.
